Category Archives: Mobility

So your sister has a Windows Mobile 3 that she loves. The old Audiovox phone. And they just moved to Exchange 2007 at the office and she’s hoping to get the phone to sync up with the Exchange. She doesn’t want to get a new phone or an iPhone or a Blackberry or a Google phone or any other phone, she loves the size of the Audiovox device. But the SSL cert they used has a wild card *.domain name and the Windows Mobile 3 and 5 do not like a wildcard cert.

On the Windows mobile 3 device I went into the registry of the device and added a dword key to basically tell it to merely accept the SSL cert and not do a name check on it.

HKCU\Software\Microsoft\Activesync\Partners\ID for the Mobile 5 devices

HKCU\Software\Microsoft\Airsync\Connection\ for the Mobile 3 devices

Under that registry, in the second below with all the other information, merely add a dword value. Then name of it will be secure and the value is 0 (zero), which look like 0x0 when it’s done and on the device.

What this does is stops the device from checking the cert. The connection is still fully SSL’d and secure. I then put the SSL cert from the server on the device itself by going to the OWA web site, exporting the SSL cert from the web site, putting it via a usb sync cable to the device and installing the cert on the device itself. And then voila. It worked.

Picture is blurry as I took it from my other phone …another still fully operational Audiovox device as well, but you can get the idea

P.S. when any geeky person says “simply browse to the registry key on a mobile device” and you wonder how do to that if the device doesn’t have a built in registry editor, check out Resco’s registry editor for mobile devices: http://www.resco.net/smartphone/explorer/default.asp

Folks have said in the past that not all certs are created equal, that it depends on the phone. That’s true but you should be able to get most phones to work. The issue is that some phones have already certain trusted roots inside of them. Some “may” have Godaddy, some don’t. In fact a way to see ahead of time which certs will work and which ones won’t is to examine the phone’s root certificate folder and see which vendors are listed. If they do not trust the vendor of your third party SSL cert, you need to get their certificate bundle “on” the phone. To do this for godaddy certs, follow this post:

For those using Starfield (GoDaddy) issued certs, you must install the ValiCert root certificate. To download the ValiCert root follow the first 3 steps above to get to your installed certificates. Next view the certificate for your OWA server. Click the Issuer Statement button. You should be taken to a page with all sorts of ValiCert info and options. Near the bottom of the page is a CER file in DER format. Download and copy to your WM device. Install the cert by double-tapping in File Explorer or equivalent. That’s it!

Copy it to the phone, to someplace like my documents so you can find it, then ‘tap’ on it to install it. Then you should be good to go.

EDIT… you also need a godaddy specific cert on the device that I exported from the root mmc. All my mobile 6’s liked the Godaddy cert, the Mobile 3’s I had to get the cert on the device. I’ve attached the two certs I used to get them to work (see the attached files)

Windows Mobile 5.0 & ActiveSync

We have a few Windows Mobile 5.0 devices appearing and need to get them hooked up to our Exchange 2003 system. We have the infrastructure already in place as we use Outlook Web Access and Outlook Mobile Accesss. We have our front-end servers load balanced and port 443 mapped through from the outside world.

Like its predecessor Windows Mobile 2003, WM 5.0 lacks a wide selection of trusted root certificates installed by default. If you’re using a non-maintream or self-issued certificate you’ll need to do a little extra configuration to get ActiveSync working over the air. With WM 2003 there was a tool to disable certificate checking but it’s not compatible with WM 5.0. Instead follow these instructions:# In Internet Explorer go to your Outlook Web Access site and ensure your certificate is installed. To check the name of it you can double click on the padlock icon in the bottom right of the browser.# Now in the Internet Options in IE go to the Content tab and click the Certificates button.# Now go to the Trusted Root Certificate Authorities and find your certificate.# Select the certificate and click on the Export button. Follow the wizard and select ‘DER Encoded Binary x.509′ when prompted.# Choose a suitable file name and finish the wizard.# You’ll now need to copy the exported certificate to your PocketPC device either via a memory card or by USB. Once it’s on your PPC simply tap it with the stylus and follow the prompts to install it.

With the certificate successfully installed you should be able to synchronise over the air. This worked perfectly for me and I can now securely sync via ActiveSync over USB or OTA.

There I said it. I don’t normally give up on technology but I’ve given up on trying to get an AT&T Tilt connected via bluetooth to act like a modem for a laptop. Instead I will just loan out my wireless card that ALWAYS works.

All of the websites/and boards talked about … well it works.. but don’t forget to reset your phone after using it as it messes up the networking. Huh? Why is it with phones these days that the geeks consider what they do to get it to work normal?

It seems to me the cell phones have turned into the new arena of bad customer service lately. Reminds me of the time that Lily Tomlin did the Ernestine skit where she said “We’re the phone company… we don’t care! We don’t have to!”

I as a customer of AT&T STILL waiting for the promised Windows Mobile 6 upgrade to the Treo 750, I am amazed that once again Microsoft Mobile platform is being totally slammed again by OEMs. The folks on the forums are googling for bootleg versions of Windows Mobile 6 because they have had it with the vendor saying ‘soon…soon”.

Meanwhile we are teaching people how to go download software from untrusted locations. Way to go vendors. Lets train customers to go to bootleg sites just because they are so darn frustrated with the manner in which you are promising upgrades.

Just yesterday in fact, a fellow mvp who had a cab file that gave a Windows mobile 6 phone the ability to do RDP was asked to remove it from the file download location. The argument was that it was piracy.

Well excuse me but who is more of the pirate here? If I’m a large corporate AT&T customer, word is that the upgrade is available. If so, that makes AT&T more the pirate than their customers.

Sometimes I just don’t get business. Yeah if the goal is to make the customer so frustrated that they will give up and buy the new phones, I guess that’s a win for the company, but it’s not a good long term win in my book. Verizon opening up the door to non Verizon phones is a start… a good start.. http://www.eweek.com/article2/0,1895,2222771,00.asp but it’s one that should be sooner versus later.

It’s funny isn’t it that the item called “mobility” is offered by some of the least flexible vendors out there?

“Here at the Phone Company we handle eighty-four billion calls a year. Serving everyone from presidents and kings to scum of the earth. (snort) We realize that every so often you can’t get an operator, for no apparent reason your phone goes out of order [snatches plug out of switchboard], or perhaps you get charged for a call you didn’t make. We don’t care. Watch this [bangs on a switch panel like a cheap piano] just lost Peoria. (snort) You see, this phone system consists of a multibillion-dollar matrix of space-age technology that is so sophisticated, even we can’t handle it. But that’s your problem, isn’t it ? Next time you complain about your phone service, why don’t you try using two Dixie cups with a string. We don’t care. We don’t have to. (snort) We’re the Phone Company!”– Lily Tomlin, as Ernestine

It has also been mentioned in Support chats with Palm reps to have been released to a small group of high volume cooporate customers for upgrade to current devices only after a huge NDA agreement with those companies.

Both of these can be seen as a good thing and as more widespread testing of the update / build in real time situations as it has been mentioned from Palm that they have had a particularily tough time with issues in this release.

Is it just me or are they coming out with a lot of big server land products that I just don’t see them able to scale down to the small biz size. And maybe the way to go for these types of server platforms is to hope that Microsoft is planning to do a hosted version (like they are with Forefront)

Robust Security Management platform for Windows Mobile devices. Mobile Device Manager uses Active Directory/Group Policy—the most widely deployed enterprise network directory in the world—allowing IT professionals to set and control policies in a single, familiar environment. • Comprehensive Device Management solution for software distribution and device inventory management in a complex organizational environment. With advanced features such as policy enforcement, inventory and reporting, and software targeting in one solution, System Center Mobile Device Manager provides an all-inclusive solution for all Windows Mobile Device Management needs. • Mobile VPN delivers increased worker productivity with a single point for security-enhanced, behind-the-firewall access to corporate data and line-of-business (LOB) applications on Windows Mobile devices. This is achieved through a cutting-edge mobile VPN optimized for the mobile environment.

Well that was easy. I literally connected the Treo 750 to “my” computer, ran through the “connect to exchange activesync” wizard, stuck the two certs (I have ISA) on the device that I have parked on my computer and voila.

The easiest way to get a cert off your system and on to a device is to go into IE and find the two certificates, both in your trusted root certificate store in IE and export them anywhere. Then put the cable with the device, go into explore …..

Once the device is attached, go into Explore and find a folder location that you can remember to find on the device.

Dump the cert files into this folder location

Now take the device and typically it’s a matter of tapping enter on the cert to “install” it on the device. The 750 didn’t need any hacking or unlocking or anything to get it to accept the self signed cert. Heck it didn’t even mind being temporarily activesync’d to a totally different workstation.

Now to figure out if we can do Comcast email “and” hotmail email “and” Outlook Exchange all at the same time…..

You could probably use the desktop updating tool, but I wanted to confirm this process worked first.Dig out that sync cable that you never use but once in a blue moon and then you forget where you stuck it, dump the cab file update on the phone under my documents. Browse to that location, click to install. Now… go to the phone settings (this is the part I forgot earlier), and change the time zone on the phone to another time zone and PRESS DONE or whatever you need to do to have the phone “take” the zone change. Now change it back to your proper time zone and press DONE again. This is the key I forgot. You need to press done to reset the timezone to another zone and then back.

Set an appointment in the Outlook on the desktop for say… March 17th at noon and place the word “Noon” in the subject line. Sync the phone. Check that the appointment on the 17th is at noon on the phone. If the phone says “noon” and the appointment is showing it’s at noon, do a “IT happy dance”. If not, go back and make sure you truly CHANGED the time zone and not just scrolled to it. Do the St. Patrick’s Day test again (as this is a day in between when the time changes on the 11th and when in April when it normally would. Get to where you can do an “IT happy dance” on each mobile phone/device in your office.

…how many phones are out there in the universe and every single one of them needs a dst patch and a time zone change? Ouch. I cannot see anyway short of touching every phone that big server land are going to be able to have “IT happy dances”, do you?